This bill aims to strengthen cybersecurity measures within the state of Kansas by consolidating cybersecurity services under the leadership of chief information security officers (CISOs) for each branch of government. It removes expiration provisions from existing cybersecurity legislation, ensuring that the established responsibilities and standards remain in effect indefinitely. The bill amends several statutes to define the role of the CISO in various state offices, including the Department of Insurance, Secretary of State's office, State Treasurer's office, and the Attorney General's office. Each CISO is responsible for developing a cybersecurity program that aligns with the National Institute of Standards and Technology (NIST) Cybersecurity Framework and ensuring that all employees undergo annual cybersecurity awareness training.

Furthermore, the bill establishes CISOs for both the judicial and legislative branches, detailing their responsibilities, including overseeing cybersecurity for branch data and ensuring compliance with national standards. It mandates that all cybersecurity services be administered by the respective chief information technology and security officers starting July 1, 2027, and requires a comprehensive plan for integrating executive branch IT services. Additionally, all government websites must transition to a ".gov" domain by February 1, 2025. The bill includes provisions for compliance audits and penalties for non-compliance, while also repealing previous sections that are now obsolete, thereby streamlining the legal framework governing cybersecurity in Kansas.

Statutes affected:
As introduced: 40-110, 45-215, 75-413, 75-623, 75-710, 75-711, 75-7203, 75-7245, 75-7206a, 75-7208a, 76-711, 75-7246